<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2025-12143 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2025-12143/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 21 May 2026 16:09:18 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2025-12143/feed.xml" rel="self" type="application/rss+xml"/><item><title>ABB Terra AC Wallbox Vulnerabilities Allow Remote Control and Firmware Alteration</title><link>https://feed.craftedsignal.io/briefs/2026-05-abb-terra-ac-wallbox-vulns/</link><pubDate>Thu, 21 May 2026 16:09:18 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-abb-terra-ac-wallbox-vulns/</guid><description>Multiple buffer overflow vulnerabilities in ABB Terra AC Wallbox versions &lt;=1.8.33, exploitable via Bluetooth hijacking, could allow an attacker to remotely control the device and alter its firmware.</description><content:encoded><![CDATA[<p>ABB Terra AC Wallbox versions &lt;=1.8.33 (JP) are susceptible to three buffer overflow vulnerabilities: CVE-2025-10504 (Heap-based), CVE-2025-12142 (Classic Buffer Overflow), and CVE-2025-12143 (Stack-based). Successful exploitation could lead to heap memory pollution, potentially enabling remote control of the device and unauthorized firmware modifications. While the advisory suggests Bluetooth hijacking is a prerequisite for exploitation due to encryption, the impact of a successful attack on charging infrastructure warrants attention from defenders. 
ABB has released version 1.8.36 to address these issues and recommends that customers apply the update at their earliest convenience. These vulnerabilities are especially relevant to organizations in the energy sector, where these charging stations are deployed worldwide.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker gains unauthorized access to the ABB Terra AC Wallbox via Bluetooth, bypassing encryption (e.g., through brute force or a vulnerability in the Bluetooth stack).</li>
<li>Attacker develops a custom application designed to communicate with the charging station using a self-defined protocol.</li>
<li>Attacker crafts a malicious message with an unexpected field length, specifically targeting the memory handling routines.</li>
<li>The crafted message triggers a heap-based buffer overflow (CVE-2025-10504), polluting the heap memory.</li>
<li>The memory corruption allows the attacker to overwrite critical data structures in memory.</li>
<li>The attacker leverages the corrupted memory to gain control of the device&rsquo;s execution flow.</li>
<li>The attacker performs a write operation to the flash memory, altering the device&rsquo;s firmware.</li>
<li>The compromised firmware enables the attacker to remotely control the charging station, potentially disrupting service or causing damage.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these vulnerabilities could allow an attacker to remotely control ABB Terra AC Wallbox devices. This could lead to disruption of electric vehicle charging services, potentially impacting transportation and energy infrastructure. Altering the firmware could introduce malicious functionality, such as denial-of-service attacks or unauthorized access to the power grid. The vulnerabilities affect installations worldwide, with the most immediate concern being in the energy sector. While the advisory acknowledges the need to hijack Bluetooth first, the ability to overwrite firmware has significant implications.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the vendor-provided patch (Terra AC wallbox (JP) 1.8.36) to remediate CVE-2025-10504, CVE-2025-12142, and CVE-2025-12143 on affected ABB Terra AC Wallbox devices.</li>
<li>Monitor network traffic for suspicious Bluetooth activity targeting ABB Terra AC Wallbox devices, specifically looking for unexpected data lengths in custom protocol messages (Generic Bluetooth Detection Rule).</li>
<li>Implement network segmentation to isolate control system devices like the ABB Terra AC Wallbox from the internet and other business networks, as suggested by CISA.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>ics</category><category>buffer overflow</category><category>cve-2025-10504</category><category>cve-2025-12142</category><category>cve-2025-12143</category></item></channel></rss>